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CONTINUOUS CIPHER SYNCHRONIZATION FOR CELLULAR COMMUNICATION SYSTEM 



BACKGROUND OF THE INVENTION 

Field of the Invention 

The present Invention relates to digital cellular 
communication systems, and nrK»re particulariy, to a 
method and apparatus for the encryption of data com- 
munications within such a system. 

History of the Prior Art 

Cellular radio communications is, perhaps, the 
fastest growing field in the world-wide telecommuni- 
cations industry. Although cellular radio communi- 
cation systems comprise only a small fraction of the 
telecommunications systems presently in operation, it 
is widely believed that this fraction will steadily 
increase and will represent a major portion of the 
entire telecommunications market in the not too dis- 
tant future. This belief is grounded in the inherent limi- 
tations of conventional telephone communications 
networks which rely primarily on wire technology to 
connect subscribers within the network. A standard 
household or office telephone, for example, is con- 
nected to a wall outlet, or phone jack, by a telephone 
cord of a certain maximum length. Similariy, wires 
connect the telephone outlet with a local switching 
office of the telephone company. A telephone user's 
movement is thus restricted not only by the length of 
the telephone cord^ but also by the availability of an 
operative telephone outlet, i.e. an outlet wich has 
been connected with the local switching office. 
Indeed, the genesis of cellular radk) systems can be 
attributed, in large part, to the desire to overcome 
these restrictions and to afford the telephone user the 
freedom to move about or to travel away from his 
home or office without sacrificing his ability to com- 
municate effectively with others. In a typical cellular 
radio system, the user, or the user's vehicle, carries 
a relatively small, wireless device which communi- 
cates with a base station and connects the user to 
other mobile stations in the system and to landline 
parties in the public switched telephone network 
(PSTN). 

A significant disadvantage of existing cellular 
radk) communication systems Is the ease with which 
analog radio transmissions may be Intercepted. In 
particular, some or all of the communications between 
the mobWe station and the base station may be moni- 
tored, without authorization, simply by tuning an 
appropriate electronic receiver to the frequency or fre- 
quencies of the communications. Hence, anyone with 
access to such a receiver and an interest in eaves- 
dropping can violate the privacy of the communi- 
cations virtually at will and with total impunity. While 



there have been efforts to make electronic eavesdrop- 
ping illegal, the clandestine nature of such activities 
generally means that most, if not all, instances of 
eavesdropping will go undetected and, therefore, 
unpunished and undeterred. The possibility that a 

5 competitor or a foe may decide to "tune in" to one's 
seemingly private telephone conversations has 
heretofore hindered the proliferation of cellular radto 
communicatton systems and, left unchecked, will con- 
tinue to threaten the viability of such systems for 

10 businesses and government applications. 

It has recently become clear that the cellular radk) 
telecommunications systems of the furure will be 
implemented using digital rather than analog technol- 
ogy. The switch to digital is dictated, primarily, by con- 

15 siderations relating to system speed and capacity. A 
single analog, or voice, radio frequency (RF) channel 
can accommodate four (4) to six (6) digital, or data, RF 
channels. Thus, by digitizing speech prior to transmis- 
sion over the voice channel, the channel capacity and, 

20 consequently the overall system capacity, may be 
increased dramatically without Increasing the 
bandwidth of the voice channel. As a corollary, the 
system is able to handle a substantially greater nunrv 
ber of mobile stations at a significantly lower cost. 

25 Although the switch from analog to digital cellular 

radio systems ameliorates somewhat the likelihood of 
breeches in the security of communications between 
the base station and the mobile station, the risk of 
electronic eavesdropping is far from eliminated. A 

30 digital receiver may be contructed which Is capable of 
decoding the digital signals and generating the origi- 
nal speech. The hardware may be more complicated 
and the undertaking more expensive than in the case 
of analog transmissbn, but the possibility persists that 

35 highly personal or sensitive conversations in a digital 
cellular radio system may be monitored by a third 
party and potentially used to the detriment of the sys- 
tem users. Morevover, the very possibility of a third 
party eavesdropping on a telephone conversation 

40 automatically precludes the use of cellular teleconr>- 
munlcations in certain government applications. Cer- 
tain business uses may be equally sensitive to the 
possibility of a security breech. Thus, to render cellu- 
lar systems as viable alternatives to the conventional 

45 wireline networks, security of communications must 
be available on at least some circuits. 

Once a decision has been made to protect the 
transmission of digital Information (data) from 
unauthorized access, the originator (sender) and the 

50 intended recipient (receiver) of the data must agree 
on a secret mechanism for enciphering (encrypting) 
and deciphering (decrypting) the information. Such an 
agreement usually Involves a mutual commitment to 
use a particular encryption device which may be 
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widely available, but which can be programmed with 
a secret key specific to the sender and receiver. The 
agreement, however, must also include choices with 
respect to the encryption technique and the method of 
synchronization to be used by the encryption device. 5 

Several encryption techniques are known and 
implemented by prior art encryption devices. In one 
such technique, known as "block substitution", the 
secret key bits are mixed with blocks of data bits to 
produce blocks of encrypted data. With block sub- io 
stitution, blocks of data bits which differ merely by a 
single bit produce encrypted data blocks which differ, 
on the average, in one half (1/2) of their bit positions, 
and vise versa. Simllariy. encrypted data blocks differ- 
ing only in one bit position will produce decrypted data is 
blocks differing, on the average, in one half (1/2) of 
their bit positions. This type of encryption/decryption 
tends to magnify the effects of bit errors which may 
occur upon transmission of the encrypted data and, 
therefore, is not an appropriate technique for use in 20 
digital radio communications. 

Another known encryption technique relies on a 
keystream generator and modular arithmetic or finite 
math. A plurality of secret key bits and a series of 
clock pulses are applied to the keystream generator 25 
which generates a stream of pseudo-random bits 
referred to as a keystream. The keystream bits are 
then bit-by-bit modulo-2 added to the data bits prior to 
transmission by the sender. An Identical keystream 
generator is used by the receiver to produce an iden- 30 
tical keystream of bits which are then bit-by-bit mod- 
ulo-2 subtracted from the received encrypted data 
stream to recover the original data. Proper implemen- 
tation of this technique requires that the keystream 
generated at the receiver and subtracted from the 35 
encrypted data is in hanmony with the keystream gen- 
erated at the sender and added to the original data. 

A variety of approaches to the issue of synchroni- 
zation may be found in prior art enciyption systems.ln 
most encryption systems, synchronization may be 40 
viewed as an agreement between the sender and the 
receiver on the number of clock pulses to be applied 
from a common initial state until the generation of a 
particular bit. Other prior art encryption systems, how- 
ever, do not keep a running count of the number of 45 
applied dock pulses and rely, instead, on the initiali- 
zation of the sender and receiver to the same state at 
the beginning of a frame and the applicatton of an 
identical number of dock pulses thereafter. The 
shortcoming of the latter scheme is the difficulty of so 
reestablishing synchronization should the sender and 
receiver fall out of synchronization during a particular 
frame. 

In the case the nrK)bile radio system lacks a global 
time reference, i.e. a time reference which is common 55 
to all mobiles and base stations 
in the system, it is not possible to synchronize the 
mobiles and base stations to a common dock when 



the synchronization of a transmitting base statton/nK)- 
bile (or vice versa) is lost or drops off for some reason 
or other, for instance during hand-over. When the con- 
versation taking place between the two stations is 
also ciphered, further problems can occur due to a 
drop-off in the synchromism for the actual ciphering 
code, thereby making decipher ing impossible. 

A solution to this problem has been proposed in 
the International Patent Application PCT/SE 
90/00497, which describes a mobile radio system in 
which both speech/data and signalling infonmation 
are ciphered. When both the crypted speech/data 
information and the signalling information drop-off, a 
ciphered (or non-ciphered) signal infonnation is sent 
to the mobile, which discloses the number of frame 
intervals after which ciphering shall be recommenced 
subsequent to said drop-off, for instance during hand- 
over. This earlier proposed method, however, uses 
solely the associated control channel (FACCH) which 
transmits ciphered signalling for the 
synchronization. If the ciphered signalling transmitted 
in accordance with this method should fail, there is no 
other possiblity of resynchronizing the ciphering of 
speech/data and signalling information. 

Yet another type of encryption system indudes a 
counter which maintains a count of the number of 
keystream bits, or blocks of keystream bits, previously 
generated. The output bits of the counter are conrv 
bined with the secret key bits to generate the keys- 
tream. Because the transmitter and receiver counters 
are incremented on a regular basis and, therefore, 
take on the characteristics of a digtal time/date dock, 
such an encryption system is often referred to as a 
time-of-day driven encryptton system. 

The advantage of the time-of-day driven encryp- 
tion system resides in the fact that if the receiver 
counter falls out of synchronizatbn with the transmit- 
ter counterand the system has the capability of provi- 
ding the receiver with the curent transmitter counter 
value, the receiver counter may be immediately reset 
to the transmitter counter value instead of returning to 
the beginning and applying the entire history of dock 
pulses. The difficulty with such a system, however, is 
the provision of the transmitter counter value on a suf- 
ficiently frequent basis to avoid the accumulatfon of 
errors caused by the divergence of the receiver 
counter value from the transmitter counter value for a 
relatively long period of time. The present invention 
prevents such accumulation of errors by providing 
continuous or very frequent updates of the transmitter 
counter value which may be used to reset the receiver 
counter and to resynchronize the system without the 
necessity of reinitialization and repetition of the inter- 
vening dock pulses. 

SUMMARY OF THE INVENTION 

In one aspect of the invention there is induded a 



4 



5 



EP 0 446 194 A1 



6 



method of communicating cryptographically encoded 
data within a digital telecommunications system in 
which a first pseudo-random key stream of bits is gen- 
erated In accordance with an algorithm that is a func- 
tion of a multi-bit digital value contained in a first 5 
register. The value contained in the first register is 
incremented at regular periodic intervals to vary the 
pattern of bits in the first key stream. The bits of the 
first pseudorandom key stream are combined with a 
stream of data bits carrying communications infer- io 
mation to cryptographically encode the data and the 
encoded data is transmitted to a receiver. 

Also transmitted to the receiver at regular periodic 
Intervals and interspersed with the transmissions of 
encoded data is the value contained in said first regi- 15 
ster. A second pseudo-random key stream of bits is 
generated In accordance with the algorithm which is 
a function of a multi-bit digital value contained in a 
second register. The value contained In the second 
register is incremented at the same regular periodic 20 
intervals as the first register to vary the pattern of bits 
in the second key stream in an identical fashion to the 
pattern of bits in the first key stream. The bits of the 
second pseudo-random key stream are combined 
with the received stream of cryptographically encoded 25 
data to decode the data into the communications 
lnformatk)n and the value contained in the second 
register is periodically compared with the received 
value of the first register to determine whether the two 
values match for corresponding moments of time 30 
andwhether the first and second key streams are in 
synchronism with one another. In a related aspect, the 
value contained in the second register is reset with the 
received value of the first register for a conresponding 
moment in time when the values have become diffent 35 
to resynchronize the first and second key streams 
with one another. 

In another aspect of the invention there is 
included a method for duplex communication of cryp- 
tographically encoded data within a digital telecom- 40 
munications system. In this aspect a first 
pseudo-random key stream of bits in generated at a 
first location In accordance with an algorithm which is 
a functton of a multi-bit digital value contained In a first 
register. The value contained in said first register Is 45 
incremented at regular periodic intervals to vary the 
pattern of bits in the first key stream. The bits of the 
first pseudo-random key stream is combined with a 
stream of data bits carrying communications infor- 
mation to be sent from the first location to a second so 
locatbn to cryptographically encode the data stream 
and with a stream of cryptographically encoded data 
stream received from the second locatton. The data 
stream encoded at the first location is transmitted to 
a receiver at the second locatbn along with the value 55 
contained in the first register which is sent at regular 
perk>dic intervals and Interspersed with the transmis- 
sk>ns of encoded data. A second pseudo-random key 



stream of bits which is a function of a multi-bit digital 
value contained in the second register is generated in 
accordance with the algorithm. The value contained in 
the second register is incremented at the same reg- 
ular perbdic intervals as the first register to vary the 
pattern of bits in the second key stream in an identk:al 
fashion to the pattern of bits in the first key stream. 
The bits of the second pseudo-random key stream are 
combined with the stream of cryptographically 
encoded data received at the second location to 
decode the data into the communications information 
and with a stream of data bit canrying communications 
informatk)n to be sent from the second location to the 
first location to crytographically encode the data 
stream. The data stream encoded at the second loca- 
tion is transmitted to a receiver at the first location and 
the value contained in the second register is period- 
ically compared with the received value of the first 
register to determine whether the two values conre- 
spond for corresponding moments of time and 
whether the first and second key streams are in 
synchronism with one another. 

The drawback with the earlier proposed method 
of maintaining synchronization for ciphering purposes 
is that there is only one possibility of reestablishing 
synchronization, namely over the associated control 
channel FACCH, which nonmally transmits the 
synchronizing infomnation contained by the random 
bit flow superimposed on the speech/data flow and 
the signalling flow. There is, however, a further 
associated control channel, the so-called slow 
associated control channel SACCH which could be 
used for transmitting synchronizing Information. The 
present method can be applied to a mobile radio sys- 
tem which, in addition to the aforesaid fast associated 
control channel FACCH, also includes a slow 
associated control channel SACCH. 

Thus, according to still another aspect of the pre- 
sent invention, information concerning frame 
synchronization is transmitted continuously between 
the two stations, in the form of a sequence or order 
number for the frames of the master station, i.e. even 
when the ciphered transmission between a master 
station (base station) and a slave station (mobile sta- 
tion) functions normally. This information is transmit- 
ted continuously over the slow associated control 
channel SACCH. If synchronization over the fast 
associated control channel FACCH drops-off, for inst- 
ance during hand-over, there is provided a further 
possi bil ity of synchron izing the frame generator of the 
slave station to the frame generator of the master sta- 
tion, and therewith ciphering between the stations. 

One object of the present invention is therefore to 
provide a reserve possiblity for synchronizing 
ciphered transmission of speech/data signals be- 
tween a stationary and a mobile station in a mobile 
radio system which includes a fast and a slow 
associated control channel. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention will be better understood 
and Its numerous objects and advantages will 
become apparent to those skilled in the art by refer- 
ence to the following drawings in which: 

FIG. 1 Is a pictorial representation of a cellular 
radio communications system including a mobile 
switching center, a plurality of base stations and 
a plurality of mobile stations; 
FIG. 2 is a schematic block diagram of mobile sta- 
tion equipment used in accordance with one 
embodiment of the system of the present inven- 
tion; 

FIG. 3 is a schematic block diagram of base sta- 
tion equipment used in accordance with one 
embodiment of the system of the present inven- 
tion; 

FIG. 4 is a schematic block diagram of a prior art 
time-of-day driven encryption system; 
FIG. 5 is a pictorial representation of a message 
format used by a known synchronization mechan- 
ism; 

FIG. 6 is a schematic block diagram of a time-of- 
day or block-count driven encryption system 
which Includes a synchronization mechanism 
constructed in accordance with the present inven- 
tion; and 

FIG. 7 is a pictorial representation of an exemp- 
lariy multiplexing format which may be used in 
accordance with the present invention. 
FIG. 8 is a simplified block diagram of base sta- 
tion equipment illustrating that part of a base sta- 
tion in which the proposed method is applied, and 
FIG. 9 is a time diagram which illustrates the pro- 
posed method. 

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENT 

Refem'ng first to FIG. 1. there is illustrated therein 
a conventional cellular radio commmunications sys- 
tem of a type to which the present invention generally 
pertains. In FIG. 1, an arbitrary geographic area may 
be seen divkJed into a plurality of contiguous radio 
coverage areas, or cells, C1-C10, While the system of 
FIG. 1 Is shown to include only 10 cells, it should be 
clearly understood that, in practice, the number of 
cells may be much larger. 

Associated with and located within each of the 
cells C1-C10 is a base station designated as a corre- 
sponding one of a plurality of base stations B1-B10. 
Each of the base stattons B1-B10 includes a transmit- 
ter, a receiver and controller as is well known in the 
art. In FIG. 1, the base stations B1-B10 are located at 
the center of the cells C1-C10, respectively, and are 
equipped with omni-directtonal antennas. However, in 
other configurations of the cellular radk> system, the 



base stations B1-B10 may be located near the 
periphery, or otherwise away from the centers of the 
cells C1-G10 and may illuminate the cells G1-C10 
with radio signals either omni-directionally or direc- 
5 tionally. Therefore, the representatksn of the cellular 
radk) system of FIG. 1 is for purposes of illustration 
only and is not intended as a limitation on the possible 
implementations of the cellular radk> system. 

With continuing reference to FIG. 1, a plurality of 
10 mobile stations M1-M10 may be found within the cells 
C1-C10. Again, only ten nrrobile statbns are shown in 
FIG. 1 but it should be understood that the actual nunrv 
ber of mobile stations may be much larger in practice 
and will invariably exceed the number of base sta- 
ts tions. Moreover, while none of the mobile stattons M1- 
M10 may be found in some of the cells C1-C10, the 
presence or absence of the mobile stations M1-M10 
in any particular one of the cells C1-G10 should be 
understood to depend, In practice, on the individual 
20 desires of each of the mobile stations M1-M10 who 
may roam from one location in a cell to another orfrom 
one cell to an adjacent or neighboring cell. 

Each of the mobile stations M1-M10 is capable of 
initiating or receiving a telephone call through one or 
25 more of the base stations B1-B10 and a mobile 
switching center MSG. The mobile switching center 
MSG is connected by communications links, e.g. 
cables, to each of the illustrative base stations B1- 
B10 and to the fixed public switching telephone net- 
so work (PSTN), not shown, or a similar fixed network 
which may include an integrated system digital net- 
work (ISDN) facility. The relevant connecttons be- 
tween the mobile switching center MSG and the base 
stations B1-B1Q, or between the mobile switching 
35 center MSG and the PSTN or ISDN, are not com- 
pletely shown in FIG. 1 but are well known to those of 
ordinary skill in the art. Similariy, it is also known to 
include more than one mobile switching center in a 
cellular radio system and to connect each additional 
40 mobile switching center to a different group of base 
stations and to other mobile switching centers via 
cable or radio links. 

Each of the cells C1-C10 is allocated a plurality 
of voice or speech channels and at least one access 
45 or control channel. The control channel is used to con- 
trol or supervise the operation of mobile stations by 
means of information transmitted to and received from 
those units. Such information may include incoming 
call signals, outgoing call signals, page signals, page 
50 response signals,locatk)n registration signals,voice 
channel assignments, maintenance instructions and 
"handofT instructions as a mobile station travels out 
of the radio coverage of one cell and into the radk> 
coverage of another cell. The control or voice chan- 
55 nels may operate either In an analog or a digital mode 
or a combination thereof. In the digital mode, analog 
messages, such as voice or control signals, are con- 
verted to digital signal representations prior to trans- 
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mission over the RF channel. Purely data messages, 
such as those generated by computers or by digitized 
voice devices, may be formatted and transmitted 
directly over a digital channel. 

In a cellular radio system using time division 
multiplexing (TDM), a plurality of digital channels may 
share a common RF channel. The RF channel is 
divided into a series of "time slots", each containing a 
burst of infonmation from a different data source and 
separated by guard time from one another, and the 
tinr>e slots are grouped into "frames" as is well known 
in the art The number of time slots per frame varies 
depending on the bandwidth of the digital channels 
sought to be accomnrKxiated by the RF channel. The 
frame may, for example, consist of three (3) time slots, 
each of which is allocated to a digital channel. Thus, 
the RF channel will accommodate three digital chan- 
nels. In one emt>odiment of the present invention dis- 
cussed herein, a frame is designated to comprise 
three time slots. However, the teachings of the pre- 
sent Invention should be cleariy understood to be equ- 
ally applicable to a cellular radio system utilizing any 
number of time slots per frame. 

Referring next to FIG. 2, there is shown therein a 
schematic block diagram of the mobile station equip- 
ment wich are used in accordance with one embodi- 
ment of the present invention. The equipment 
illustrated in FIG. 2 may be used for communication 
over digital channels. A voice signal detected by a 
microphone 100 and destined for transmission by the 
mobile statbn is provided as input to a speech coder 
1 01 which converts the analog voice signal into a digi- 
tal data bit stream. The data bit stream is then divided 
Into data packets or messages in accordance with the 
time division multiple access (TDMA) technique of 
digital communications. A fast associated control 
channel (FACCH) generator 102 exchanges control 
or supervisory messages with a base station in the 
cellular radk> system. The conventional FACCH 
generator operates in a "blank and burst" fashion 
whereby a user frame of data is muted and the control 
message generated by the FACCH generator 102 is 
transmitted instead at a fast rate. 

In contrast to the blank and burst operation of the 
FACCH generator 102, a slow associated control 
channel (SACCH) generator 103 continuously 
exchanges control messages with the base station. 
The output of the SACCH generator is assigned a 
fixed length byte, e.g. 12 bits, and included as a part 
of each time slot in the message train (frames). Chan- 
nel coders 104, 105, 106 are connected to the speech 
coder 101, FACCH generator 102 and SACCH 
generator 103, respectively. Each of the channel cod- 
ers 104, 105 106 perfomns error detection and recov- 
ery by manipulating incoming data using the 
techniques of convolutional encoding, which protects 
important data bits in the speech code, and cyclic 
redundancy check (CRC), wherein the most signific- 



ant bits in the speech coder frame, e.g., 12 bits, are 
used for computing a 7 bit enror check. 

Referring again to FIG. 2, the channel coders 
104, 105 are connected to a multiplexer 107 which Is 

5 used for time drvisk)n multiplexing of the digitized 
voice messages with the FACCH supervisory mes- 
sages. The output of the multiplexer 1 07 is coupled to 
a 2-burst interieaver 108 which divides each data 
message to be transmitted by the mobile station (for 

10 example, a message containing 260 bits) into two 
equal but separate parts (each part containing 130 
bits) arranged in two consecutive time slots. In this 
manner, the deteriorative effects of Rayleigh fading 
may be significantly reduced. The ouput of the 2-burst 

15 interieaver 108 is provided as input to a modulo-2 
adder 109 where the data to be transmitted is 
ciphered on a bit-by-bit basis by logical modulo-2 
addition with a pseudo-random keystream which Is 
generated in accordance with the system of the pre- 

20 sent invention described below. 

The output of the channel coder 106 is provided 
as input to a 22-burst interieaver 110. The 22-burst 
interieaver 110 divides the SACCH data into 22 con- 
secutive time slots, each occupied by a byte consist- 

25 ing of 12 bits of control information. The interieaved 
SACCH data forms one of the inputs to a burst 
generator 111. Another input to the burst generator 

1 1 1 is provided by the output of the modulo-2 adder 
109. The burst generator 111 produces "message 

30 bursts" of data, each consisting of a time slot identifier 
(Tl), a digital voice color code (DVCC), control or 
supervisory infonmation and the data to be transmit- 
ted, as further explanied below. 

Transmitted in each of the time slots In a frame is 

35 a time slot identifier (Tl), which is used for time slot 
identification and receiver synchronization, and a digi- 
tal voice color code (DVCC), which ensures that the 
proper RF channel is being decoded. In the exem- 
plary frame of the present Invention, a set of three dif- 

40 ferent 28-bit Tts is defined, one for each time slot 
while an identical 8-bit DVCC is transmitted in each of 
the three time slots. The Tl and DVCC are provided 
in the mobile station by a sync word/DVCC generator 

112 connected to the burst generator 111 as shown 
45 in FIG. 2. The burst generator 111 combines the out- 
puts of the modulo-2 adder 109, the 22-burst inter- 
ieaver 1 1 0 and the sync word/DVCC generator 1 12 to 
produce a series of message bursts, each comprised 
of data (260 bits), SACCH infonmation (12 bits), Tl (28 

50 bits), coded DVCC (12 bits) and 12 delimiter bits for 
a total of 324 bits which are integrated according to 
the time slot format specified by the EIA/TIA IS-54 
standard. 

Each of the message bursts is transmitted in one 
55 of the three time slots included in a frame as discus- 
sed hereinabove. The burst generator 1 1 1 is connec- 
ted to an equalizer 113 which provides the timing 
needed to synchronize the transmission of one time 
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slot with the transmission of the other two time slots. 
The equalizer 1 13 detects timing signals sent from the 
base station (master) to the mobile station (slave) and 
synchronizes the burst generator 111 accordingly. 
The equalizer 113 may also be used for checking the 
values of the Tl and the DVCC. The burst generator 
111 is also connected to a 20ms frame counter 114 
which is used to update a ciphering code that is 
applied by the mobile station every 20ms, i.e., once 
for every transmitted frame. The ciphering code is 
generated by a ciphering unit 115 with the use of a 
mathematical algorithm and under the control of a key 
116 which Is unique to each mobile station. The 
algorithm may be used to generate a pseudo-random 
keystream in accordance with the present invention 
and as discussed further below. 

The message bursts produced by the burst 
generator 110 are provided as input to an RF mod- 
ulator 117. The RF modulator 1 1 7 is used for modulat- 
ing a carrier frequency according to the 7c/4-DQPSK 
technique (7t/4 shifted, differentially encoded quadrat- 
ure phase shift key). The use of this technique implies 
that the information to be transmitted by the mobile 
station is differentially encoded, i.e., two bit symbols 
are transmitted as 4 possible changes in phase: -i- or - 
nIA and + or - Stc M. The carrier frequency for the 
selected transmitting channel is supplied to the RF 
modulator 117 by a transmitting frequency synth- 
esizer 118. The burst nnsdulated carrier signal output 
of the RF modulator 117 is amplified by a power 
amplifier 119 and then transmitted to the base station 
through an antenna 120. 

The mobile station receives burst modulated sig- 
nals from the base station through an antenna 121 
connected to a receiver 122. A receiver carrier fre- 
quency for the selected receiving channel is gener- 
ated by a receiving frequency synthesizer 123 and 
supplied to an RF denrKxlulator 124. The RF demod- 
ulator 124 is used to demodulate the received carrier 
signal into an intemriediate frequency signal. The 
Intermediate frequency signal is then demodulated 
further by an IF demodulator 125 which recovers the 
original digital infonmation as it existed prior to /4- 
DQPSK modulation. The digital information is then 
passed through the equalizer 1 13 to a symbol detec- 
tor 126 whrch converts the two-bit symt>ol format of 
the digital data provided by the equalizer 114 to a 
single bit data stream. 

The symbol detector 126 produces two distinct 
outputs: a first output, comprised of digitzed speech 
data and FACCH data, and a second output, com- 
prised of SACCH data. The first output is supplied to 
a modulo-2 adder 127 which Is connected to a 2-burst 
deinterieaver 128. The modulo-2 adder 127 is con- 
nected to the ciphering unit 115 and is used to 
decipher the 4 encrypted transmitted data by subtract- 
ing on a bit-by-bit basis the same pseudo-random 
keystream used by the transmitter in the base station 



encrypt the data and which is generated in accord- 
ance with the teachings of the present invention set 
forth below. The modulo-2 adder 127 and the 2-burst 
deinterieaver 128 reconstruct the speech/FACCH 

5 data by assembling and rearranging information 
derived from two consecutive frames of the digital 
data. The 2-burst deinterieaver 128 is coupled to two 
channel decoders 129, 130 which decode the con- 
voiutlonally encoded speech/FACCH data using the 

10 reverse process of coding and check the cyclic redun- 
dancy check (CRC) bits to determine if any error has 
occurred. The channel decoders 129, 130 detect dis- 
tinctions between the speech data on the one hand, 
and any FACCH data on the other, and route the 

15 speech data and the FACCH data to a speech 
decoder 131 and an FACCH detector 132, respect- 
ively. The speech decoder 1 31 processes the speech 
data supplied by the channel decoder 129 in accord- 
ance with a speech coder algorithm, e.g. VSELP, and 

20 generates an analog signal representative of the 
speech signal transmitted by the base station and 
received by the mobile station. A filtering technique 
may then be used to enhance the quality of the analog 
signal prior to broadcast by a speaker 133. Any 

25 FACCH messages detected by the FACCH detector 
1 32 are forwarded to a microprocessor 134. 

The second output of the symbol detector 126 
(SACCH data) Is supplied to a 22-bur5t deinterieaver 
135. The 22-burst interieaver 135 reassembles and 

30 rearranges the SACCH data which is spread over 22 
consecutive frames. The output of the 22-burst dein- 
terieaver 135 Is provided as input to a channel 
decoder 136. SACCH messages are detected by an 
SACCH detector 137 and the control information is 

35 transferred to the microprocessor 134. 

The microprocessor 134 controls the activities of 
the mobile station and communications between the 
mobile station and the base station. Decisions are 
made by the microprocessor 134 in accordance with 

40 messages received from the base station and meas- 
urements performed by the mobile statfon. The micro- 
processor 134 is also provided with a tenminal 
keyt>oard input and display output unit 138. The 
keyboard and display unit 138 allows the mobile sta- 

45 tion user to exchange information with the base sta- 
tion. 

Referring next to FIG. 3, there is shown a 
schematic block diagram of the base station equip- 
ment which are used In accordance with the present 

so Invention. A comparison of the nrK)bHe station equip- 
ment shown in FIG. 2 with the base station equipment 
shown in FIG. 3 demonstrates that much of the equip- 
ment used by the nrK)bil6 statk)n and the base station 
are substantially identical in construction and func- 

55 tion. Such identical equipment are, for the sake of 
convenience and consistency, designated with the 
same reference numerals in FIG. 3 as those used in 
connection with FIG. 2, but are differentiated by the 
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addition of a prime ('} in FIG. 3. 

There are, however, some minor differences be- 
tween the nrK)bi!e station and the base station equip- 
ment. For instance, the base station has, not just one 
but, two receiving antennas 121'. Associated with 
each of the receiving antennas 121' are a receiver 
122', an RF demodulator 124', and an IF demodulator 
125'. Furthermore, the base station includes a prog- 
rammable frequency combiner 118A' which is con- 
nected to a transmitting frequency synthesizer 118'. 
The frequency combiner 118A' and the transmitting 
frequency synthesizer 118' carry out the selection of 
the RF channels to be used by the base station 
according to the applicable cellular frequency reuse 
plan. The base station, however, does not include a 
user keytx)ard and display unit similar to the user 
keyboard and display unit 138 present in the mobile 
station. It does however include a signal level meter 
100' connected to measure the signal received from 
each of the two receivers 122' and to provide an out- 
put to the microprocessor 134'. Other differences in 
equipment between the mobile station the base sta- 
tion may exist which are well known in the art 

The discussion thus far has focused on the oper- 
ational environment of the system of the present 
invention. A specific description of a particular embo- 
diment of the present invention follows. As disclosed 
above and used hereinafter, the term "keystream** 
means a pseudo-random sequence of binary bits or 
blocks of bits used to encipher a digitally encoded 
message or data signal prbr to transmission on stor- 
age in a medium which is susceptible to unauthorized 
access, e.g., an RF channel. A "keystream generator** 
means a device which generates a keystream by pro- 
cessing a secret key comprised of a plurality of bits. 
Encryption may be simply perfonmed by a modulo-2 
additk>n of the keystream to the data to be encrypted. 
Similarly, decryption Is performed by a modulo-2 sub- 
traction of an identical copy of the keystream from the 
encrypted data. 

Generally speaking, the keystream generator 
provides a mechanism, represented by elements 115 
and 1 15' of FIG. 2 and 3, respectively, for expanding 
a relatively small number of secret bits, i.e., the secret 
key, represented by elements 116 and 116', into a 
much larger number of keystream bits which are then 
used to encrypt data messages prior to transmission 
(or storage). To decrypt an encoded message, the 
receiver must "know" the index to the keystream bits 
used to encrypt the message. In other words, the 
receiver must not only have the same keystream 
generator and generate the same keystream bits as 
the transmitter, but also, the receiver keystream 
generator must be operated in synchronism with the 
transmitter keystream generator If the message is to 
be properly decoded. Synchronization is normally 
achieved by transmitting from the encoding system to 
the decoding system the initial contents of every inter- 



nal memory device, such as bit, block or message 
counters, which participate in the generation of the 
keystream bits. Synchronization may be simplified, 
however, by using arithmetic bit block counters, such 

5 as binary counters, and increamenting those counters 
by a cenrtain amount each time a new block of keys- 
tream bits is produced. Such counters may form a part 
of a real-time, i.e. hours, minutes and seconds, dock 
chain. A keystream generator relying on the lattertype 

10 of counters is known as the "time-of-day" driven keys- 
tream generator to which reference was made 
hereinabove. 

Refem'ng now to FIG. 4, aschematic block diag- 
ram of a prior art time-of-day driven encryption system 

15 may now be seen. The upper half of FIG. 4 represents 
the transmitter portion, and the lower half represents 
the receiver portion, of such an encryption system. In 
the transmitter portion, a time clock or block counter 

201 generates a count 213, for example, a 32-blt out- 
20 put, in response to an increment 215 applied at the 

input of the time clock or block counter 201. The count 
21 3 is provided as a first input to a combinatorial logic 
or mixing process 202. A secret key, for example, the 
value 968173 in binary notation, is provided as a sec- 
25 ond input 211 to the combinatorial logic or mixing pro- 
cess 202. With each occurrence of a new value for the 
count 213, the combinatorial logic or mixing process 

202 combines or mixes the secret key 21 1 with the 
count 213 and generates a plurality of pseudo-ran- 

30 dom keystream bits at a serial or parallel output 209. 
The keystream output 209 is then provided as an input 
to a modulo-2 adder 203. The data to be encrypted 
forms a second Input 207 to the modulo-2 adder 203. 
Each of the keystream bits is modulo-2 added to a 

35 particular data bit by the modulo-2 adder 203 and the 
encrypted data is supplied to output 218 for transmis- 
sion through the medium. 

In the receiver portion, a time clock or block 
counter 204, which is identical in construction to the 

40 time clock or block counter 201 and is provided with 
an increment 216 identical to the increment 215, sup- 
plies a count 214 to a combinatorial logic or mixing 
process 205, which is identical in construction to the 
combinatorial logic or mixing process 202. The com- 

45 binatorial logic or mixing process 205 combines or 
mixes the count 214 with an Identical secret key. I.e., 
968173 in binary notation, which Is provided at input 
212, thereby producing a keystream at an output 210 
which is identical to the keystream produced at the 

50 output 209. The keystream output 210 is bit-by-bit 
modulo-2 added to the encrypted data received over 
the transmission medium by a moduIo-2 adder 206. 
Since modulo-2 addition and modulo-2 subtraction 
are the same operation, the modulo-2 addition of the 

55 identical keystream at the receiver cancels the previ- 
ous addition of the keystream at the transmitter and 
results in the recovery of the original data at output 
208. Note, however, that such cancellation and pro- 
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per deciphering of the encrypted data will occur only 
if the time clocks or block counters 2f01 , 204 are per- 
fectly synchronized with one another. An appropriate 
synchronization mechanism 217 must be provided for 
this purpose. 

Referring next to FIG. 5, there is shown therein a 
message format used by a known synchronization 
mechanism. The message format reflects the 
arrangement of data in each time slot (burst) of a 
frame. Immediately following the beginning of each 
message, i.e., after message start, all the state values 
(output bits) of the time clock or block counter 201, 
e.g.. all 32 bits of the count 213, are transmitted as a 
preamble to a sequence of encrypted message bits. 
To avoid transmission errors which could cripple 
synchronization, the count bits are preferably redun- 
dantly encoded using a powerful error correction code 
and the coded bits interleaved within the transmitted 
signal to disperse the redundancy in time thereby 
Increasing tolerance to burst errors. The coding of the 
count bits should expand the number of bits to be 
transmitted by a considerable factor, for example, a 
factor of eight (8), so as to provide the redundancy 
needed to attain close to a hundred percent (100%) 
probability of error-free transmission of the encoded 
count bits. Following the transmission of the redun- 
antly encoded but unencrypted preamble, the encryp- 
ted message bits are transmitted over the 
transmission medium. 

The synchronization mechanism illustrated in 
FIG. 5 may perhaps be adequate for communications 
ove simplex channels. I.e., "press-to-talk" or 
"over/over" radiotelephony. If an "over" is missed due 
to faulty synchronization, the user can simply request 
a repeat of that transmission. By comparison, com- 
munications over duplex channels, i.e., normal bi- 
directional radiotelephony, typically do not switch 
directions in an "over/over" fashion and convers- 
ations, once established, frequently continue for a 
substantia! period of time, if a duplex communications 
system has no means of establishing synchronization 
other than at the beginning of a call, a loss of 
synchronization during the call would result in a loss 
of the call forcing the user to reestablish communi- 
cattons by placing another call. In the context of a cel- 
lular radio system utilizing encryption/decryption 
devices, such a loss of synchronization would require 
the user to take some affimnative actfon, for example 
to redial the desired telephone number. The present 
invention provides a method and apparatus which 
obviate the necessity and inconvenience of redial 
upon loss of synchronization and which provide fre- 
quient opportunities during an ongoing radio tele- 
phone conversation to quickly correct any loss of 
synchronization of synchronization between the 
transmitter portion and the receiver portbn described 
in connection with FIG. 4. 

In the discussion of FIGs. 1-3, mention was made 



of the Slow Associated Control Channel (SACCH) 
which is used to convey a low rate data stream of 
management and control Information between the 
mobile station and the base station and vice versa. 

5 The SACCH is often used by the mobile station for the 
transmission of signal strength information that allows 
the system to detemiine which of the surrounding 
base stations is best suited for maintaining contact 
with the mobile station. As discussed hereinbefore, 

10 the SACCH infonmation bits are interieaved and mul- 
tiplexed with the voice traffic bits prior to transmissk)n. 
The present invention makes additional use of the 
SACCH to continuously broadcast the state of the 
time clock or block counter which, as previously des- 

15 cribed, controls the operation of the time-of-day or 
block-count driven encryption device.lt should be 
cleariy understood, however, that the teachings of the 
present invention encompass the use of any other low 
bit rate auxiliary channel which may be available in 

20 the system. 

Referring now to FIG. 6, there is shown therein a 
schematic block diagram of time-of-day or block- 
count driven encryption system, including a 
synchronization mechanism constructed in accord- 

25 ance with the present invention. A ciphering unit 220 
at the transmitter, e.g., the transmitter portton In FIG. 
5, converts a stream of message bits into a stream of 
enciphered bits for transmission at a mean data rate 
of Bi bits/second. The ciphering unit 220 also pro- 

30 vides a current time-of-day or block count, e.g., the 
count 213, to an auxiliary, low rate channel encoder 
221. Depending on the extent of other low-rate data, 
the encoder 221 may include the encoded time-of-day 
or block count in an output stream generated at an 

35 average rate of 82 bits/second. The auxiliary stream 
of B2 bits/second is then combined with the 
enciphered message stream of BI bits/second by a 
multiplexer 222 to produce a stream of B1-«'B2 
bits/second for transmission over the communi- 

40 cations medium. 

It should be recognized that other overiiead bits, 
such as demodulator synchronization patterns or 
further redundancy of the data In the form of error cor- 
rection coding, may be added prior to transmission of 

45 the stream of B1+B2 bits/second, but is not specifi- 
cally shown in the simplified block diagram of FIG. 6. 
Moreover, the use of the burst transmission technique 
(discussed in connectbn with FIGs. 1 -3) may result In 
a burst bit rate greater than B1+B2 bits/second over 

so the transmission medium. Nevertheless, after per- 
formance of the inverse of such encoding processes 
at the receiver, an average bit rate of 81+82 
bits/second should once more emerge at the Input to 
a demultiplexer 223 which divkJes the incoming 

55 stream of 81 -1-82 bits/second Into an enciphered mes- 
sage stream of BI bits/second and an encoded low- 
rate control stream of B2 bits/second. The 81 
bits/second enciphered message stream is provided 
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as input to a deciphering unit 24 (the receiver portion 
of FIG. 5) which generates a stream of deciphered 
data. The B2 bits/second control stream, on the other 
hand, is supplied to an auxiliary, low-rate channel 
decoder 228. 

The auxiliary channel decoder 228 detects the 
receipt of any time-of-day or block count data which 
may have been transmitted by the encryption device 
and checks to determine whether such data was cor- 
rectly received before resetting the decryption device. 
The error check is performed in order to avoki reset- 
ting the time dock or block counter at the receiver, 
e.g., the time dock or block counter 204, with a new 
time-of-day or block count which is inaccurate due to 
transmission enrors. A correctly received time-of-day 
or block count is passed from the auxiliary channel 
decoder 228 to the deciphering unit 224 where the 
received count Is used to verify and, if necessary, 
update the current count at the decryption device, 
e.g., the count 214 in FIG. 5. 

The process of verifying and updating of the 
receiver block count includes a number of steps and 
safeguards. In particular, account must be taken of 
the transmission delays through the auxiliary channel. 
For example, as discussed in connection with FlGs. 
1-3, the SACCH data is usually interleaved or spread 
over a plurality of consecutive message frames. Thus, 
for example, the transmitter block count value for a 
frame x at a specific moment of time is spread over y 
frames and transmitted in a series of frames, x, x+1, 
x+2, .... x+y. The delay y, however, is a systenrvdefi- 
ned constant number which may be added at the 
receiver to the block count value derived from the 
frames x, x+1, x+2, x+y and a cunrent transmitter 
block count value obtained. The current transmitter 
block count value is then compared to the current 
receiver block count value and, in the event of diverg- 
ence, the receiver block counter is reset to the value 
of the transmitter block counter for the corresponding 
moment of time. 

Further error protection may be built into the 
method of resetting the receiver block count, in the 
event of disagreement with the transmitter block 
count, by imposing a nrK>re severe criterion for reset- 
ting the most significant bits, or for otherwise causing 
a drastic step change in the receiver count value. The 
latter may be achieved, for example, by using the 
technique of "majority vote" over several count trans- 
fers, after allowing for the known increment between 
times. 

It will be appreciated from the foregoing descrip- 
tion that the present Invention provides a synchroni- 
zation mechanism which may be used independently 
of the ciphering unit 220 and the deciphering unit 224, 
respectively. The encryption of data in the communi- 
cations system may be performed by modulo-2 addi- 
tion of the keystream to the data stream, by random 
transposition of the data, l.e., alteration of the order in 



which the data bits normally appear in the message 
format, or by a combination of these techniques with- 
out departing in the least from the teachings of the 
present invention as disclosed above and further des- 

5 cribed below. 

In duplex communication applications, such as 
mobile radio telephony, the present invention, as 
heretofore illustrated and described, may be used 
Independently in each direction. Specifically, the 

10 encryption device used for encrypting transmissions 
in one direction may Include a time dock or block 
counter which is separate from, and possibly unre- 
lated to, the time dock or block counter of the decryp- 
tion device used for decrypting receptions in the other 

15 direction. Similariy, the auxiliary low-rate channel, 
which is used to periodically transfer the count state 
value in accordance with the present invention, is a 
duplex channel providing simultaneous, bidirectional 
communications. An advantageous alternative 

20 arrangement would rely on a single time-of-day or 
block-count driven keystream generator at each end 
of the communications link to produce a sufficient 
number of keystream bits for use both in enciphering 
data messages prior to transmission and in decipher- 

25 ing received data messages. 

Assuming that the number of message bits in a 
transmitted or received block in either directton is the 
same, and equal to N, the keystream generator at one 
end of the communications link would produce, using 

30 the same secret key bits and block counts as in the 
case of two keystream generators, a first N keystream 
bits, A=:(a1, a2, a3...aN), for enciphering transmitted 
messages and a second N keystream bits, 
B=(a(n+1),a(n+2)...a(2N)), for deciphering received 

35 messages. The use of the N-bit keystreams A.B for 
enciphering and deciphering, respectively, would 
then be reversed at the other end of the communi- 
cations link. Hence, only one block count synchroni- 
zation is necessary and this synchronization may be 

40 achieved using the low-rate auxiliary channel in one 
direction only. 

As mentioned eariier, the chief function of the 
SACCH Is to carry signal strength infonnation from 
the mobile station to a base station in the land net- 

45 work. The SACCH in the opposite direction, i.e., base 
station to nruDbile station, exists mainly because of 
symmetry reasons and often lays idle. Consequently, 
it may be advantageous to designate the base sta- 
tion's time clock or block counter as the "master* and 

50 to periodically transmit the base station's count value 
in the frequently Idle SACCH direction to the mobile 
station so as to provide continuous resynchronization 
in accordance with the foregoing description of the 
present invention. Should the need arise to transfer 

55 some other low-rate data over the SACCH in the 
direction of land network to mobile station, the other 
data may be accorded priority and transmission of the 
base station count value may be resumed thereafter. 
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in this aspect of the present invention, transmission of 
the time-of-day or block count value nnay be con- 
sidered to representant the default state of the 
SACCH channel in the direction of land network to 
mobile which is interupted for the transmission of 
higher priority messages. 

The N or 2N bits produced by a keystream 
generator with each new value of the associated time 
clock or block counter are used for enciphering or 
deciphering groups of N message data bits in one or 
both directions, respectively. Multiplexed with these 
N-bit message groups are additional bits forming the 
auxiliary low-rate channel, which may be used, inter 
alia, for cipher synchronization in accordance with the 
present invention. Several different patterns may be 
used for multiplexing the auxiliary channel bits with 
the message data bits. However, to minimize the 
amount of overhead bits which are added to blocks of 
data by the auxiliary low-rate bit stream, a multiplex- 
ing format as illustrated In FIG. 7 may be selected. 

Referring now to FIG. 7, there is shown therein an 
exemplary multiplexing format which may be used in 
accordance with the present invention. FIG. 7 illus- 
trates how a small number of low-rate channel bits, 
SI, S2, S3, S4 etc., may be included in each N-bit 
message group, the whole auxiliary message format 
only repeated over a number of such groups. As- 
suming that the auxiliary bit stream contains its own 
message start indicator code, the auxiliary message 
length does not necessarily need to be contained in 
an integral number of message groups. However, 
auxiliary message synchronization may be simplified 
if the auxiliary message length Is deliberately aligned 
with an integral number of traffic message blocks. 

Figure 7 also illustrates how interieaving of the 
auxiliary bit streams over a number of message 
blocks may be used to disperse the burst errors that 
can arise if a whole message block, including auxiliary 
bits, is not correctly received. Where the decoder for 
the low-rate channel is equipped with error correcting 
coding, the dispersal of such burst enrors enables the 
decoder to easily detect and correct such errors. 

Another embodiment of the inventive method will 
now be described. Figure 8 Is a block schematic which 
Illustrates that part of a base station in which the 
inventive method Is applied. 

A speech coder 1 generates coded speech/data 
signals received from an analog/digital converter (not 
shown) and the speech-coded signals are passed to 
a channel coder 2, which Introduces a given redun- 
dancy for the purpose of discovering and correcting 
bit errors in the speech/data block. 

A FACCH-generator FA generates control and 
monitoring signals for transmission between the base 
station and a mobile station. These signals are gen- 
erated in blocks and one such block can replace a 
speech/data block in a TDMA-frame in a known man- 
ner at any time whatsoever when the system finds it 



suitable. A FACCH-block includes a flag, a message 
and a check field so-called CRC, in total 65 bits. The 
FACCH-block Is coded In the channel coder 3 so as 
to render the block more tolerable to bit errors than the 

5 speech/data block. 

A SACCH-generator SA generates the control 
and monitoring messages between the base station 
and the mobile with a duration of 12 bits and occupies 
only a small part of a time slot in a TDMA-frame, 

10 although each time slot includes these SACCH-bits. 
The SACCH-generator SA is connected to a channel 
coder 4 and to an interieaver 6 which divides a 
SACCH-word into bursts, each of 12 bits, and Inter- 
foliates these bursts over a given number of frames, 

15 The channel coders 2 and 3 have outputs con- 

nected to a selectors. In one position of the selector 
(upper position), the channel coded speech/data sig- 
nals from the channel coder 2 are delivered to an 
adder 8, whereas In the other position of the coder 

20 (bottom position), the associated control channel sig- 
nals from the channel coder 3 are applied to the adder 
8. 

The various signals from the selector 5 and the 
Interieaver 6, and a sync-message SY and a verlfi- 

25 cation code DVCC are combined in a burst generator 
9 to form a single burst of signals whteh occupy a 
given time slot All of these signals form a channel to 
a given receiving mobile and are thereafter modulated 
with a given carrier frequency. 

30 Prior to transmission, the signals from the 

speech/data generator 1 and from the FACCH-gener- 
ator FA shall be ciphered with a given ciphering code, 
whereas the SACCH-signals shall be transmitted 
unciphered. To this end, there is provided a clpher- 

35 generator 11 which generates a pseudo random 
sequence to the modulo-2 adder 8. In this way, the 
random sequence Is added (nnod 2) to the interfoliated 
speech/data signals and the FACCH-slgnals in the 
selector 5 and the signals are thus ciphered. 

40 The cipher-generator is controlled by a cipher 

code from the unit 12 and by a frame counter 10, in a 
manner to generate the pseudo random sequence. In 
this case, the cipher code comprises the given con- 
figuration of a whole bit pattern of a pulse sequence 

45 and also the start of the pulse sequence. The starting 
time point of the pulse sequence within a frame is 
determined by the frame counter 10. 

A microprocessor 13 is connected between the 
frame counter 1 0 and to a control input of the SACCH- 

50 generator SA for the purpose of carrying out the 
inventive method, which will now be described in 
more detail with reference to Figure 9. 

The SACCH-generator SA in Figure 8 generates 
SACCH-words in sequence, each word containing 66 

55 bits. Subsequent to passing through the channel 
coder 4, there Is obtained a 132-bit word which con- 
tains parity bits, etc. The Interieaver unit 6 groups 
these 132 bits In each word into groups of 12-b!ts, so 
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that the burst generator 9 is able to transmit 12 bits 
from each SACCH-word in the duration of one time 
slot Each SACCH-word is thus divided into 132/12 = 
1 1 time slots during sequential frames, i.e. 1 1 frames 
are required for transmitting one SACCH word. 

According to the proposed method, SACCH- 
words are used In sequence for transmitting continu- 
ously Information concerning the frame count status 
(sequence number) of the base station to the frame 
counter of the mobile, for the purpose of synchroniz- 
ing the two frame counters. Since the frame counters 
control the ciphering in the base station and in the 
mobile respectively, the ciphering can therefore also 
be synchronized. The base station transmits a given 
frame counter number via the SACCH-channel (non- 
ciphered), and the frame counter number of the 
mobile shall therewith coincide with the transmitted 
base station number while taking into account known 
delays and group transit times between base station 
and mobile. 

At a given arbitrary time point to, according to Fig- 
ure 9, there is transmitted a burst SI belonging to the 
SACCH-word W3, which contains information con- 
cerning the value to which the frame counter of the 
base station is set when receiving the SACCH-word 
W3 In the nK)bile. As an example, it is assumed that 
at the time to of transmitting the SACCH-word, the 
base-station frame counter is set to the numerical 
value 24. It is also assumed in the Figure 9 example 
that the SACCH-word W3 is transmitted during the 
aforesaid 11 bursts, S1-S11, i.e. during the duration 
R1-R11 of the frame. 

When the last burst S1 1 has been received in the 
mobile at ti , the nrK)bile will know the value transmitted 
from the base station. The frame counter of the base 
station has then reached the value 24 + 1 1 = 35. Thus, 
the value 35 in the SACCH-word W3 is transmitted to 
the mobile during the time interval to-t^. The frame 
counter value 35 obtained is compared in the mobile 
with its frame counter setting and a confection is made 
if the values do not coincide. Ciphering continues over 
the whole period and remains unchanged. 

During the next SACCH-word W4, a new frame 
counter number, namely 46, Is transmitted in a simitar 
manner by means of the bursts S12-S22, since when 
this new number is received by the nrK>bile at the time 
t2, the frame counter of the base station Is set to 35 + 
1 1 = 46. The transmission of frame counter numbers 
from the base station to the mobile is continued con- 
tinuously in the same manner, thereby enabling con- 
tinuous monitoring of the frame counter of the mobile 
to be carried out and optional adjustments to be made 
to said counter. This enables ciphering to be con- 
stantly synchronized between base station and 
mobile, since ciphering is dependent on which frame 
counter number is sent to the ciphering generator 1 1 
in Figure 8. 

The aforesaid adjustment of the frame counter 



number of the base station with respect to the number 
of transmitted bursts S1-S11, S12-S22,... is carried 
out by the microprocessor 13 between the frame 
counter 10 and the SACCH-generator SA. The micro- 

5 processor 13 also corrects the value obtained from 
the frame counter 10 with respect to the time delay in 
the transmission circuits. The time delay constitutes 
a known parameter. The propagation time of the radio 
signal between base station and mobile is in the order 

10 of some microseconds, whereas the distance be- 
tween two mutually sequential frames is 20 ms and is 
compensated for by means of the synchronizing word 
in a burst The time delay parameter is thus not influ- 
enced by the propagation time over the radio medium. 

15 Thus, the proposed method makes possible non-ci- 
phered signalling of synchronizing information for 
ciphering/deciphering between a base station and a 
mobile. This signalling is additional to the normal 
synchronization between the ciphered fast 

20 associated control channel FACCH and replaces this 
normal synchronization in the event of a drop-off. 

The foregoing description shows only certain par- 
ticular embodiments of the present invention. How- 
ever, those skilled in the art will recognize that many 

25 modifications and variations bay be made without 
departing substantially from the spirit and scope of the 
present invention. Accordingly, it should be cleariy 
understood that the form of the invention described 
herein is exemplary only and is not intended as a limi- 

30 tation on the scope of the invention as defined in the 
following claims. 



Claims 

35 

1. A method of communicating with cryptographi- 
cally encoded data within a digital telecommuni- 
cations system, comprising: 

generating a first pseudo-random key 
40 stream of bits in accordance with an algorithm 

which is a function of a multi-bit digital value con- 
tained in a first register; 

incrementing the value contained in said 
first register at regular periodic intervals to vary 
45 the pattern of bits in the first key stream; 

combining the bits of the first pseudo-ran- 
dom key stream with a stream of data bits cany- 
ing communications information to 
cryptographically encode said data; 
50 transmitting said encoded data to a recei- 

ver; 

transmitting to said receiver at regular 
periodic intervals and interspersed with said 
transmissions of encoded data the value con- 
55 tained in said first register; 

generating a second pseudo-random key 
stream of bits in accordance with said algorithm 
which is a function of a multibit digital value con- 
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tained in a second register; 

incrementing the value contained in said 
second register at the same regular periodic inter- 
vals as said first register to vary the pattern of bits 
in the second key stream in an identical fashion 5 
to the pattern of bits in the first key stream; 

combining the bits of the second pseudo- 
random key stream with the received stream of 
cryptographicaliy encoded data to decode said 
data into said communications infonmation; and io 

periodically comparing the value con- 
tained In said second register with the received 
value of the first register to determine whether the 
two values correspond for corresponding 
moments of time and whether the first and second 15 
key streams are in synchronism with one another 

A method of communicating with cryptographi- 
caliy encoded data within a digital telecommuni- 
cations system as set forth in Claim 1 which also 20 
includes: 

resetting the value contained in said sec- 
ond register with the received value of the first 
register for a corresponding moment in time when 
the values have become different to 25 
resynchronize the first and second key streams 
with one another. 

A method of communicating with cryptographi- 
caliy encoded data within a digital telecommuni- so 
cations system as set forth in Claim 1 in which: 

said step of transmitting to said receiver at 
regular periodic intervals and interspersed with 
said transmissions of encoded data the value 
contained in said first register includes multiplex- 35 
ing said encoded data transmissions and said 
transmissions of first register values. 

A method of communicating with cryptographi- 
caliy encoded data within a digital telecommuni- 40 
cations system as set forth In Claim 3 in which: 

said first register values are transmitted on 
a low bit rate auxiliary channel of a digital cellular 
communications stream. 

45 

A method of communicating with cryptographi- 
caliy encoded data within a digital telecommuni- 
cations system as set forth in Claim 4 wherein: 

said low bit rate auxiliary channel is a slow 
associated control channel. 50 

A method of communicating with cryptographi- 
caliy encoded data within a digital telecommuni- 
cations system as set forth in Claim 4 wherein: 

said first register values are combined with 55 
other low-rate data on said low bit rate auxiliary 
channel. 



7. A method of communicating with cryptographi- 
caliy encoded data within a digital telecommuni- 
cations system as set forth in Claim 6 in which: 

transmission of said first register values 
are temporarily interupted when It is necessary to 
transmit other data on said lowbit rate auxiliary 
channel. 

8. A method of communicating with cryptographi- 
caliy encoded data within a digital telecommuni- 
cations system as set forth in Claim 1 in which: 

said step of periodically comparing the 
value contained In said second register with the 
received value of the first register to determine 
whether two values correspond for corresponding 
moments of time and whether the first and second 
key streams are in synchronism with one another 
Includes adding to the received value of the first 
register an incremental value to accountfor a time 
delay in transmission. 

9. A method of communicating with cryptographi- 
caliy encoded data within a digital telecommuni- 
cations system as set forth in Claim 1 in which: 

the bits of the first pseudo-random key 
stream are combined with said stream of data bits 
carrying communications infonmation by nrnxJulo- 
2 addition; and 

the bits of the second pseudo-random key 
stream are combined with the received stream of 
cryptographicaliy encoded data by modulo-2 sut>- 
traction. 

10. A method of communicating with cryptographi- 
caliy encoded data within a digital telecommuni- 
cations system as set forth in Claim 1 in which: 

the bits of the first pseudo-random key 
stream are combined with said stream of data bits 
carrying communicatk}ns infonmation to alter the 
order thereof; and 

the bits of the second pseudo-random key 
stream are combined with the received stream of 
cryptographicaliy encoded data to restore the 
original order therof. 

11. A system for communicating with cryptographi- 
caliy encoded data within a digital telecommunl- 
catfons system, comprising; 

means for generating a first pseudo-ran- 
dom key stream of bits in accordance with an 
algorithm which is a function of a multi-bit digital 
value contained in a first register; 

means for Incrementing the value con- 
tained in said first register at regular periodic 
intervals to vary the pattern of bits in the first key 
stream; 

means for combining the bits of the first 
pseudo-random key stream with a stream of data 
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bits carrying communications infonmation to cryp- 
tographically encode said data; 

means for transmitting to said receiver at 
regular periodic intervals and interspersed with 
said transmissions of encoded data the value 
contained in said first register; 

means for generating a second pseudo- 
random key stream of bits in accordance with said 
algorithm which is a function of a multi-bit digital 
value contained in a second register; 

means for incrementing the value con- 
tained in said second register at the same regular 
periodic intervals as said first register to vary the 
pattern of bits in the second key stream in an iden- 
tical fashion to the pattern of bits in the first key 
stream; 

means for combining the bits of the second 
pseudo-random key stream with the received 
stream of cryptographically encoded data to 
decode said data into said communications infor- 
mation; and 

means for periodically comparing the 
value contained In said second register with the 
received value of the first register to determine 
whether the two values conrespond for corre- 
sponding moments of time and whether the first 
and second key streams are In synchronism with 
one another. 

12. A system for communicating with cryptographi- 
cally encoded data within a digital telecommuni- 
cations system as set forth in Claim 1 1 which also 
includes: 

means for resetting the value contained in 
said second register with the received value of the 
first register for a corresponding moment In time 
when the values have become different to 
resynchronize the first and second key streams 
eith one another. 

13. A system for communicating with cryptographi- 
cally encoded data within a digital telecommuni- 
cations system as set forth in Claim 11 in which: 

said means for transmitting to said 
receiver at regular periodic intervals and 
interspersed with said transmissions of encoded 
data the value contained in said first register 
includes means for multiplexing said encoded 
data transmissions and said transmissions of first 
register values. 

14. A system for communicating with cryptographi- 
cally encoded data within a digital telecommuni- 
cations system as set forth in Claim 13 in which: 

said first register values are transmitted on 
a low bit rate auxiliary channel of a digital cellular 
communications stream. 



15. A system for communicating with cryptographi- 
cally encoded data within a digital telecommuni- 
cations system as set forth in Claim 14 wherein: 

said low bit rate auxiliary channel Is a slow 
5 associated control channel. 

16. A system for communicating with cryptographi- 
cally encoded data within a digital telecommuni- 
cations system as set forth in Claim 14 wherein: 

10 said first register values are combined with 

other low-rate data on said low bit rate auxiliary 
channel. 

17. A system for communicating with cryptographi- 
es cally encoded data within a digital telecommuni- 

catbns system as set forth in Claim 16 which also 
includes: 

means for temporarily interrupting trans- 
mission of said first register values when it is 
20 necessary to transmit other data on said low bit 

rate auxiliary channel. 

18. A system for communicating with cryptographi- 
cally encoded data within a digital telecommuni- 

25 cations system as set forth in Claim 1 1 in which: 

said means for periodically comparing the 
value contained in said second register with the 
received value of the first register to determine 
whether two values correspond for corresponding 

30 moments of time and whether the first and second 

key streams are in synchronism with one another 
includes means for adding to the received value 
of the first register an incremental value to 
account for a time delay in transmission. 

35 

19. A system for communicating with crytographically 
encoded data within a digital telecommunications 
system as set forth in Claim 1 1 in which: 

the bits of the first pseudo-random key 
40 Stream are combined with said stream of data bits 

carrying communications infonmation by modulo- 
2 addition; and 

the bits of the second pseudo-random key 
stream are combined with the received stream of 
45 cryptographically encoded data by modulo-2 suth 

traction. 

20. A system for communicating with cryptographi- 
cally encoded data within a digital telecommuni- 

50 cations system asset forth in Claim 1 1 in which: 

the bits of the first pseudo-random key 
stream are combined with said steam of databits 
carrying communications information to alter the 
order therof; and 

55 the bits of the second pseudo-random key 

stream are combined with the received stream of 
cryptographically encoded data to restore the 
original order therof. 
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21. A method for duplex communication with cryp- 
tographically encoded data within a digital tele- 
communications system, comprising: 

generating at a first location a first pseudo- 
random key stream of bits in accordance with an 
algorithm which is a function of a multi-bit digital 
value contained in a first register; 

incrementing the value contained in said 
first register at regular periodic intervals to vary 
the pattern of bits in the first key stream; 

combining the bits of the first pseudo-ran- 
dom key stream with a stream of data bits carry- 
ing communications infomiation to be sent from 
said first location to a second location to cryp- 
tographically encode said data stream and with a 
stream of cryptoghraphically encoded data 
stream received from said second location; 

transmitting the data stream encoded at 
said first location to a recelveat said second loca- 
tion; 

transmitting to said receiver at said second 
location at regular periodic intervals and 
interspersed with said transmissions of encoded 
data the value contained in said first register; 

generating a second pseudo-random key 
stream of bits in accordance with said algorithm 
which is a function of a multibit digital value con- 
tained In a second register; 

incrementing the value contained in said 
second register at the same regular periodic inter- 
vals as said first register to vary the pattern of bits 
in the second key stream in an identical fashion 
to the pattern of bits In the first key stream; 

combining the bits of the second pseudo- 
random key stream with the stream of cryp- 
tographically encoded data received at said 
second location to decode said data into said 
communications Information and with a stream of 
data bit carrying communications information to 
be sent from said second location to said first lok- 
cation to cryptograhically encode said data 
stream; 

transmitting the data stream encoded at 
the second location to a receiver at the first loca- 
tion 

periodically comparing the value con- 
tained In said second register with the received 
value of the first register to determine whether the 
two values conrespond for corresponding 
moments of time and whether the first and second 
key streams are in synchronism with one another. 

22. A method for duplex communication with cryp- 
tographically encoded data within a digital tele- 
communications system as set forth in Claim 21 
which also includes: 

resetting the value contained in said sec- 
ond register with the received value of the first 



register for a corresponding moment in time when 
the values have become different to 
resynchronize the first and second key streams 
with one another. 

5 

23. A method for duplex communication with cryp- 
tographically encoded data within a digital tele- 
communications system as set forth In Claim 21 
in which: 

10 said step of transmitting to said receiver at 

regular periodic intervals and interspersed with 
said transmissions of encoded data the value 
contained in said first register includes multiplex- 
ing said encoded data transmissions and said 

15 transmissions of first reg ister values. 

24. A method for duplex communication with cryp- 
tographically encoded data within a digital tele- 
communications system as set forth in Claim 23 

20 in which: 

said first register values are transmitted on 
a low bit rate auxiliary channel of a digital cellular 
communications stream. 

25 25. A method for duplex communication with cryptog- 
rahically encoded data within a digital teleconv 
munications system as set forth in Claim 24 
wherein: 

said lowbit rate auxiliary channel is a slow 
30 associated control channel. 

26, A method for duplex communication with cryp- 
tographically encoded data within a digital tele- 
communications system as set forth In Claim 24 
35 wherein: 

said first register values are combined with 
other low-rate data on said low bit rate auxiliary 
channel. 

40 27. A method for duplex communication with cryp- 
tographically encoded data within a digital tele- 
communications system as set forth in Claim 26 
in which: 

transmission of said first register values 
45 are temporally interupted when it Is necessary to 

transmit other data on said low bit rate auxiliary 
channel. 

28. A method for duplex communication with cryp- 
50 tographlcally encoded data within a digital tele- 

communications system as set forth In Claim 21 
In which: 

said step of periodically comparing the 
value contained in said second register with the 
55 received value of the first register to determine 

whether the two values correspond for corre- 
sponding nroments of time and whether the first 
and second key streams are In synchronism with 



16 



29 



EP 0 446 194 A1 



30 



one another includes adding to the received value 
of the first register an incremental value to 
account for a time delay in transmission. 

29. A method for duplex communication with cryp- 
tographically encoded data fwithin a digital tele- 
communications system as set forth in Claim 21 
in which: 

the bits of the first pseudo-random key 
stream are combined with said stream of data bits 
canying communications information by modulo- 
2 addition; and 

the bits of the second pseudo-random key 
stream are combined with the received stream of 
cryptographicaily encoded data by modulo-2 sub- 
traction. 

30. A system for duplex communication with cryp- 
tographicaily encoded data within a digital tele- 
communications system, comprising; 

means for generating at a first location a 
first pseudorandom key stream of bits in accord- 
ance with an algorithm which is a function of a 
multi-bit digital value contained in a first register; 

means for incrementing the value con- 
tained in said first register at regular periodic 
intervals to vary the pattern of bits in the first key 
stream; 

means for combining the bits of the first 
pseudo-random key stream with a stream of data 
bits carrying communications information to be 
sent from said first location to a second location 
to cryptographicaily encode said data stream and 
with a stream of cryptographicaily encoded data 
stream received from said second location; 

means for transmitting the data stream 
encoded at said first location to a receiver at said 
second iokcation; 

means for transmitting to said receiver at 
said second location at regular periodic intervals 
and interspersed with said transmissions of 
encoded data the value contained in said first 
register; 

means for generating a second pseudo- 
random key stream of bits in accordance with said 
algorithm which is a functbn of a multi-bit digital 
value contained in a second register; 

means for incrementing the value con- 
tained in said second register at the same regular 
periodic intervals as said first register to vary the 
pattern of bits in the second key stream in an iden- 
tical fashion to the pattern of bits in the first key 
stream; 

means for combining the bits of the second 
pseudo-random key stream with the stream of 
cryptographicaily encoded data received at said 
second location to decode said data into said 
communications information and with a stream of 



data bit carrying communications to be sent from 
said second location to said first location to cryp- 
tographicaily encode said data stream; 

means for transmitting the data stream 
5 encoded at the second location to a receiver at 

the first location; and 

means for periodically comparing the 
value contained in said second register with the 
received value of the first register to determine 
10 whether the two values correspond for con'e- 

spending moments of time and whether the first 
and second key streams are in synchronism with 
one another. 

15 31. A system for duplex communication with cryp- 
tographicaily encoded data within a digital tele- 
communications system as set forth in Claim 30 
which also includes: 

means for resetting the value contained in 

20 said second register with the received value of the 

first register for a corresponding moment in time 
when the values have become differens to 
resynchronize the first and second key streams 
with one another. 

25 

32. A system for duplex communication with cryp- 
tographicaily encoded data within a digital tele- 
communications system as set forth in Claim 30 
in which: 

30 said step of transmitting to said receiver at 

regular periodic intervals and interspersed with 
said transmissions of encoded data the value 
contained in said first register includes multiplex- 
ing said encoded data transmissions and said 

35 transmissions of first reg ister values. 

33. A system for duplex communication with cryp- 
tographicaily encoded data within a digital tele- 
communications system as set forth in Claim 32 

40 in which: 

said first register values are transmitted on 
a low bit rate auxiliary channel of a digital cellular 
communications stream. 

45 34. A system for duplex communication with cryp- 
tographicaily encoded data within a digital tele- 
communications system as set forth in Claim 33 
wherein: 

said low bit rate auxiliary channel is a slow 
50 associated control channel. 

35, A system for duplex communication with cryp- 
tographicaily encoded data within a digital tele- 
communications system as set forth in Claim 33 
55 wherin: 

said first reg ister values are combined with 
other low-rate data on said low bit rate auxiliary 
channel. 
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36. A system for duplex communication with cryptog- 
rahically encoded data within a digital telecom- 
munications system as set forth in Claim 35 in 
which: 

transmission of said first register values 5 
are temporarily interrupted when it is necessary 
to transmit other data on said low bit rate auxiliary 
channel. 

37. A system for duplex communication with cryptog- io 
rahically encoded data within a digital telecom- 
munications system as set forth in Claim 30 in 
which: 

said step of periodically comparing the 
value contained in said second register with the 15 
received value of the first register to determine 
whether the two values correspond for corre- 
sponding moments of time and whether the first 
and second key streams are in synchronism with 
one another includes adding to the received value 20 
of the first register an incremental value to 
account for a time delay in transmission. 

38. A system for duplex communication with cryp- 
tographically encoded data within a digital tele- 25 
communications system as set forth in Claim 30 

in which: 

the bits of the first pseudo-random key 
stream are combined with said stream of data bits 
carrying communications infonmation by modulo- 30 
2 addition; and 

the bits of the second pseudo-random key 
stream are combined with the received stream of 
cryptographically encoded data by nrK>dulo-2 sub- 
traction. 35 

39. A method of transmitting synchronizing infor- 
mation in the ciphered transmission of signals be- 
tween a base station and a mobile station in a 
mobile radio system which operates in accord- 40 
ance with the TDMA-principle with transmission 

in frames and time slots, wherein control infor- 
matbn is transmitted over a ciphered associated 
control channel (FACCH) and a non-ciphered 
associated control channel (SACCH), and whe- 45 
rein the base station and the mobile station each 
include a frame counter which counts transmitted 
and received frames (R1-R11,..) and which con- 
trols the formulation of a cipher sequence which 
is superimposed in the base station on the non- so 
ciphered signals transmitted to the mobile station, 
by transmitting over the non-ciphered associated 
control channel (SACCH) from the base station 
during a given number of frames {R1-R11) an 
information word (W3) which denotes the sequ- 55 
ence number (35, 46,...) for that frame for which 
the frame counter of the mobile shall be set at the 
time (ti) at which said information word (W3) was 



received and which is related to the sequence 
number for the base-station frame counter at the 
time (to) at which the information word (W3) was 
transmitted. 

40. A method according to Claim 39, wherein by said 
information word (W3) relating to the sequence 
number of the mobile-station frame counter in the 
form of a plurality of bursts (S1-S11) is transmit- 
ted during a corresponding number of frames 
(R1-R11), and wherein the sequence number is 
the same as the sequence number of the base- 
station frame counter at the transmission time (to) 
increased with the number of bursts required for 
transmission of the information word. 

41. A method according to Claims 39, wherein said 
infonmation word (W3) is followed with a further 
infonmation word (W4, W5,...) which is transmit- 
ted to the mobile station for continuously monitor- 
ing of the counter setting of the frame counter in 
the mobile station. 

42. A method of providing synchronization between a 
circuit for generating a first pseudo-random key 
stream of bits to be used in enciphering a stream 
of data bits with a circuit for generating a second 
pseudo-random key stream of bit to be used in 
deciphering the enciphered stream of data bits, 
said method comprising: 

periodically encoding synchronism infor- 
mation related to said first key stream onto a low 
data rate channel; and 

sending said synchronism information 
from the circuit generating said first key stream to 
the circuit generating saki second key stream 
interspersed with transmissions of the 
enciphered data bit stream. 
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